arcanus 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 52e5895e0c0560d9a912260b996068dce2b1a775
-  data.tar.gz: d80b64ee9c1774a87b472d08f2780e65971fb075
+  metadata.gz: c203a66cb5ef34e876084ba7aabd877ee6228816
+  data.tar.gz: c2af0b10865835de171ecfcf8ec3897ace3b6cdb
 SHA512:
-  metadata.gz: df1be1a9de6798d5ca787f6a1d5d8e92e29533afbfd7a83ef05ad879a40560377f6a6bfb4d98013471250f8433df5cf9afb84a9229a041d89233d9fc9747188f
-  data.tar.gz: 04ce87f5fe98d26de59e1ac8e4e1d15dd9e308a595bdc313d4a51fbcfad2ab22dcdf46169ed188f55f182fb9dab8edeb31ab01ef633ba41826a18f320d1a5dd5
+  metadata.gz: c30600d873ed37082854aa17f149dcac96d7fb467fe9a9bb271c8a5ffe16f3dcce03f2f098c0f32761c9eecbfed02d4df500eb5263490eb6e83a059fe3948dec
+  data.tar.gz: bf2b007a2efc9f4263928ac96be9da2a1867dd01b962b1996742fd058db7d72c9b6a68dfb48fc2be7217fcacc32de32f22b57443e065ca4e691a69f39c657549

data/lib/arcanus.rb

@@ -11,3 +11,39 @@ require 'arcanus/key'
 require 'arcanus/chest'
 require 'arcanus/utils'
 require 'arcanus/version'
+
+# Exposes API for consumption by external Ruby applications.
+module Arcanus
+  module_function
+
+  # Returns the Arcanus chest, providing access to encrypted secrets.
+  #
+  # @return [Arcanus::Chest]
+  def chest
+    Arcanus.load unless @chest
+    @chest
+  end
+
+  # Loads Arcanus chest and decrypts secrets.
+  #
+  # @param directory [String] repo directory
+  def load(directory = Dir.pwd)
+    @config = Configuration.load_applicable(directory)
+    @repo = Repo.new(@config)
+
+    unless File.directory?(@repo.arcanus_dir)
+      raise Errors::UsageError,
+            'Arcanus has not been initialized in this repository. ' \
+            'Run `arcanus setup`'
+    end
+
+    unless File.exist?(@repo.unlocked_key_path)
+      raise Errors::UsageError,
+            'Arcanus key has not been unlocked. ' \
+            'Run `arcanus unlock`'
+    end
+
+    @chest = Chest.new(key_file_path: @repo.unlocked_key_path,
+                       chest_file_path: @repo.chest_file_path)
+  end
+end

data/lib/arcanus/chest.rb

@@ -5,7 +5,7 @@ require 'yaml'
 
 module Arcanus
   # Encapsulates the collection of encrypted secrets managed by Arcanus.
-  class Chest
+  class Chest # rubocop:disable Metrics/ClassLength
     SIGNATURE_SIZE_BITS = 256
 
     def initialize(key_file_path:, chest_file_path:)
@@ -13,10 +13,10 @@ module Arcanus
       @chest_file_path = chest_file_path
       @original_encrypted_hash = YAML.load_file(chest_file_path).to_hash
       @original_decrypted_hash = decrypt_hash(@original_encrypted_hash)
-      @hash = @original_decrypted_hash.dup
+      @hash = Utils.deep_dup(@original_decrypted_hash)
     end
 
-    # Access the collection as if it were a hash.
+    # Access the chest as if it were a hash.
     #
     # @param key [String]
     # @return [Object]
@@ -24,11 +24,41 @@ module Arcanus
       @hash[key]
     end
 
+    # Fetch key from the chest as if it were a hash.
+    def fetch(*args)
+      @hash.fetch(*args)
+    end
+
     # Returns the contents of the chest as a hash.
     def contents
       @hash
     end
 
+    # Set value for the specified key path.
+    #
+    # @param key_path [String]
+    # @param value [Object]
+    def set(key_path, value)
+      keys = key_path.split('.')
+      nested_hash = keys[0..-2].inject(@hash) { |hash, key| hash[key] }
+      nested_hash[keys[-1]] = value
+    rescue NoMethodError
+      raise Arcanus::Errors::InvalidKeyPathError,
+            "Key path '#{key_path}' does not correspond to an actual key"
+    end
+
+    # Get value at the specified key path.
+    #
+    # @param key_path [String]
+    # @return [Object]
+    def get(key_path)
+      keys = key_path.split('.')
+      keys.inject(@hash) { |hash, key| hash[key] }
+    rescue NoMethodError
+      raise Arcanus::Errors::InvalidKeyPathError,
+            "Key path '#{key_path}' does not correspond to an actual key"
+    end
+
     def update(new_hash)
       @hash = new_hash
     end
@@ -46,7 +76,7 @@ module Arcanus
 
     private
 
-    def process_hash_changes(original_encrypted, original_decrypted, current)
+    def process_hash_changes(original_encrypted, original_decrypted, current) # rubocop:disable Metrics/MethodLength, Metrics/LineLength
       result = {}
 
       current.keys.each do |key|
@@ -55,9 +85,14 @@ module Arcanus
         result[key] =
           if original_encrypted.key?(key)
             # Key still exists; check if modified.
-            if original_encrypted[key].is_a?(Hash) && value.is_a?(Hash)
-              process_hash_changes(original_encrypted[key], original_decrypted[key], current[key])
-            elsif value != original_decrypted[key]
+            if value.is_a?(Hash)
+              if original_encrypted[key].is_a?(Hash)
+                process_hash_changes(original_encrypted[key], original_decrypted[key], value)
+              else
+                # Key changed from single value to hash, so no previous has to compare against
+                process_hash_changes({}, {}, value)
+              end
+            elsif original_decrypted[key] != value
               # Value was changed; encrypt the new value
               encrypt_value(value)
             else
@@ -74,22 +109,14 @@ module Arcanus
     end
 
     def decrypt_hash(hash)
-      decrypted_hash = {}
-
-      hash.each do |key, value|
+      hash.each_with_object({}) do |(key, value), decrypted_hash|
         begin
-          if value.is_a?(Hash)
-            decrypted_hash[key] = decrypt_hash(value)
-          else
-            decrypted_hash[key] = decrypt_value(value)
-          end
+          decrypted_hash[key] = value.is_a?(Hash) ? decrypt_hash(value) : decrypt_value(value)
         rescue Errors::DecryptionError => ex
           raise Errors::DecryptionError,
                 "Problem decrypting value for key '#{key}': #{ex.message}"
         end
       end
-
-      decrypted_hash
     end
 
     def encrypt_value(value)

data/lib/arcanus/command/edit.rb

@@ -18,10 +18,15 @@ module Arcanus::Command
       chest = Arcanus::Chest.new(key_file_path: repo.unlocked_key_path,
                                  chest_file_path: repo.chest_file_path)
 
-      ::Tempfile.new('arcanus-chest').tap do |file|
-        file.sync = true
-        file.write(chest.contents.to_yaml)
-        edit_until_done(chest, file.path)
+      if arguments.size > 1
+        edit_single_key(chest, arguments[1], arguments[2])
+      else
+        # Edit entire chest
+        ::Tempfile.new('arcanus-chest').tap do |file|
+          file.sync = true
+          file.write(chest.contents.to_yaml)
+          edit_until_done(chest, file.path)
+        end
       end
     end
 
@@ -31,6 +36,14 @@ module Arcanus::Command
       !ENV['EDITOR'].strip.empty?
     end
 
+    def edit_single_key(chest, key_path, new_value)
+      new_value = arguments[2]
+      old_value = chest.get(key_path)
+      chest.set(key_path, new_value)
+      chest.save
+      ui.success "Key '#{key_path}' updated from '#{old_value}' to '#{new_value}'"
+    end
+
     def edit_until_done(chest, tempfile_path)
       # Keep editing until there are no syntax errors or user decides to quit
       loop do

data/lib/arcanus/command/setup.rb

@@ -1,3 +1,5 @@
+require 'fileutils'
+
 module Arcanus::Command
   class Setup < Base
     description 'Create a chest to store encrypted secrets in the current repository'
@@ -9,16 +11,17 @@ module Arcanus::Command
       ui.info "Let's generate one for you."
       ui.newline
 
+      create_directory
       create_key
       create_chest
-      update_gitignore
+      create_gitignore
 
       ui.newline
       ui.success 'You can safely commit the following files:'
-      ui.info Arcanus::CHEST_FILE_NAME
-      ui.info Arcanus::LOCKED_KEY_NAME
+      ui.info Arcanus::CHEST_FILE_PATH
+      ui.info Arcanus::LOCKED_KEY_PATH
       ui.success 'You must never commit the unlocked key file:'
-      ui.info Arcanus::UNLOCKED_KEY_NAME
+      ui.info Arcanus::UNLOCKED_KEY_PATH
     end
 
     private
@@ -45,6 +48,10 @@ module Arcanus::Command
       true
     end
 
+    def create_directory
+      FileUtils.mkdir_p(repo.arcanus_dir)
+    end
+
     def create_key
       password = ask_password
 
@@ -90,8 +97,10 @@ module Arcanus::Command
       File.open(repo.chest_file_path, 'w') { |f| f.write({}.to_yaml) }
     end
 
-    def update_gitignore
-      File.open(repo.gitignore_file_path, 'a') { |f| f.write(Arcanus::UNLOCKED_KEY_NAME) }
+    def create_gitignore
+      File.open(repo.gitignore_file_path, 'a') do |f|
+        f.write(File.basename(Arcanus::UNLOCKED_KEY_PATH))
+      end
     end
   end
 end

data/lib/arcanus/command/show.rb

@@ -12,7 +12,13 @@ module Arcanus::Command
       chest = Arcanus::Chest.new(key_file_path: repo.unlocked_key_path,
                                  chest_file_path: repo.chest_file_path)
 
-      output_colored_hash(chest.contents)
+      if arguments.size > 1
+        # Print specific key
+        ui.print chest.get(arguments[1])
+      else
+        # Print entire hash
+        output_colored_hash(chest.contents)
+      end
     end
 
     private

data/lib/arcanus/command/unlock.rb

@@ -32,11 +32,11 @@ module Arcanus::Command
 
     def unlock_key
       loop do
-        ui.print 'Enter password:', newline: false
+        ui.print 'Enter password: ', newline: false
         password = ui.secret_user_input
 
         begin
-          key = Key.from_protected_file(repo.locked_key_path, password)
+          key = Arcanus::Key.from_protected_file(repo.locked_key_path, password)
           key.save(key_file_path: repo.unlocked_key_path)
           break # Key unlocked successfully
         rescue Arcanus::Errors::DecryptionError => ex

data/lib/arcanus/configuration.rb

@@ -8,15 +8,15 @@ module Arcanus
   # this logic can be shared amongst the various components of the system.
   class Configuration
     # Name of the configuration file.
-    FILE_NAME = '.arcanus.yaml'
+    FILE_NAME = 'config.yaml'
 
     class << self
       # Loads appropriate configuration file given the current working
       # directory.
       #
       # @return [Arcanus::Configuration]
-      def load_applicable
-        current_directory = File.expand_path(Dir.pwd)
+      def load_applicable(working_directory = Dir.pwd)
+        current_directory = File.expand_path(working_directory)
         config_file = applicable_config_file(current_directory)
 
         if config_file
@@ -51,7 +51,7 @@ module Arcanus
       def applicable_config_file(directory)
         Pathname.new(directory)
                 .enum_for(:ascend)
-                .map { |dir| dir + FILE_NAME }
+                .map { |dir| dir + '.arcanus' + FILE_NAME }
                 .find do |config_file|
           config_file if config_file.exist?
         end

data/lib/arcanus/constants.rb

@@ -2,9 +2,9 @@
 module Arcanus
   EXECUTABLE_NAME = 'arcanus'
 
-  CHEST_FILE_NAME = '.arcanus.chest'
-  LOCKED_KEY_NAME = '.arcanus.pem'
-  UNLOCKED_KEY_NAME = '.arcanus.key'
+  CHEST_FILE_PATH = File.join('.arcanus', 'chest.yaml')
+  LOCKED_KEY_PATH = File.join('.arcanus', 'protected.key')
+  UNLOCKED_KEY_PATH = File.join('.arcanus', 'unprotected.key')
 
   REPO_URL = 'https://github.com/sds/arcanus'
   BUG_REPORT_URL = "#{REPO_URL}/issues"

data/lib/arcanus/errors.rb

@@ -29,4 +29,7 @@ module Arcanus::Errors
 
   # Raised when run in a directory not part of a valid git repository.
   class InvalidGitRepoError < UsageError; end
+
+  # Raised when a key path corresponding to a non-existent key is specified.
+  class InvalidKeyPathError < UsageError; end
 end

data/lib/arcanus/key.rb

@@ -25,7 +25,7 @@ module Arcanus
         new(key)
       rescue OpenSSL::PKey::RSAError
         raise Errors::DecryptionError,
-              'Either the password is invalid or the PEM file is invalid'
+              'Either the password is invalid or the key file is corrupted'
       end
     end
 

data/lib/arcanus/repo.rb

@@ -53,12 +53,16 @@ module Arcanus
         end
     end
 
+    def arcanus_dir
+      File.join(root, '.arcanus')
+    end
+
     def gitignore_file_path
-      File.join(root, '.gitignore')
+      File.join(arcanus_dir, '.gitignore')
     end
 
     def chest_file_path
-      File.join(root, CHEST_FILE_NAME)
+      File.join(root, CHEST_FILE_PATH)
     end
 
     def has_chest_file?
@@ -66,7 +70,7 @@ module Arcanus
     end
 
     def locked_key_path
-      File.join(root, LOCKED_KEY_NAME)
+      File.join(root, LOCKED_KEY_PATH)
     end
 
     def has_locked_key?
@@ -74,7 +78,7 @@ module Arcanus
     end
 
     def unlocked_key_path
-      File.join(root, UNLOCKED_KEY_NAME)
+      File.join(root, UNLOCKED_KEY_PATH)
     end
 
     def has_unlocked_key?

data/lib/arcanus/utils.rb

@@ -26,5 +26,15 @@ module Arcanus
             .tr('-', '_')
             .downcase
     end
+
+    # Returns a deep copy of the specified hash.
+    #
+    # @param hash [Hash]
+    # @return [Hash]
+    def deep_dup(hash)
+      hash.each_with_object({}) do |(key, value), dup|
+        dup[key] = value.is_a?(Hash) ? deep_dup(value) : value
+      end
+    end
   end
 end

data/lib/arcanus/version.rb

@@ -1,4 +1,4 @@
 # Defines the gem version.
 module Arcanus
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arcanus
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Shane da Silva
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-27 00:00:00.000000000 Z
+date: 2015-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: childprocess